You are correct, I am using v4.5.2 on Debian linux (stable branch). It is the most up to date version available in the stable branch. I took your advice and upgraded it (to the next available version in the Debian testing stream - v4.6.4), and my z10 connected to the sever without any modification to the configs or certificates. Thanks for the tip!
It looks like I can't communicate with the server at all from the z10, and vice versa. I will try and work this out on my own when I have more time. Let me know if you have any suggestions to improve my current config. Thanks very much for your help! > Date: Wed, 4 Sep 2013 08:58:35 +0200 > From: tob...@strongswan.org > To: gawd0...@hotmail.com > CC: users@lists.strongswan.org > Subject: Re: [strongSwan] ikev2 vpn using PKI auth with a Blackberry Z10 > > Hi, > > You didn't write what strongSwan version you are using. But I suspect > it's something like 4.5.2, certainly before 4.6.3 because this problem here > > > Sep 3 21:39:19 firebrand charon: 12[ENC] invalid X509 hash length (0) > > in certreq > > Sep 3 21:39:19 firebrand charon: 12[ENC] CERTIFICATE_REQUEST > > verification failed > > Sep 3 21:39:19 firebrand charon: 12[ENC] could not decrypt payloads > > Sep 3 21:39:19 firebrand charon: 12[IKE] message verification failed > > should be fixed by [1], which was included in 4.6.3. > > Why the Z10 client sends an empty certificate request, which doesn't > make much sense, is another question. Perhaps the CA certificate is not > installed properly (or at all), or it always does that (bug?). > > Regards, > Tobias > > [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=4ef867f5 >
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
